Source: scipy Severity: serious Tags: upstream Justification: Debian policy 2.1 "Debian Freee Software Guidelines"
Dear Maintainer, While reviewing the dask source (which is also affected by this bug) I noticed this header in scipy/stats/stats.py # Copyright 2002 Gary Strangman. All rights reserved # Copyright 2002-2016 The SciPy Developers # # The original code from Gary Strangman was heavily adapted for # use in SciPy by Travis Oliphant. The original code came with the # following disclaimer: # # This software is provided "as-is". There are no expressed or implied # warranties of any kind, including, but not limited to, the warranties # of merchantability and fitness for a given application. In no event # shall Gary Strangman be liable for any direct, indirect, incidental, # special, exemplary or consequential damages (including, but not limited # to, loss of use, data or profits, or business interruption) however # caused and on any theory of liability, whether in contract, strict # liability or tort (including negligence or otherwise) arising in any way # out of the use of this software, even if advised of the possibility of # such damage. Viewable at https://salsa.debian.org/python- team/modules/scipy/-/blob/master/scipy/stats/stats.py The initial copyright as written says "all rights reserved" and the disclaimer does not seem to include any rights to redistribute, which would be a violation of the DFSG. I decided to go look up the original stats.py module by Gary Strangman, and the original site no longer exists. http://www.nmr.mgh.harvard.edu/Neural_Systems_Group/gary/python/stats.py I picked a random version of it from archive.org which lists a GPL-2 license and has the same disclaimer. https://web.archive.org/web/20051224003609/http://www.nmr.mgh.harvard.edu/Neural_Systems_Group/gary/python/stats.py # Copyright (c) 1999-2002 Gary Strangman; All Rights Reserved. # # This software is distributable under the terms of the GNU # General Public License (GPL) v2, the text of which can be found at # http://www.gnu.org/copyleft/gpl.html. Installing, importing or otherwise # using this module constitutes acceptance of the terms of this License. # # Disclaimer # # This software is provided "as-is". There are no expressed or implied # warranties of any kind, including, but not limited to, the warranties # of merchantability and fittness for a given application. In no event # shall Gary Strangman be liable for any direct, indirect, incidental, # special, exemplary or consequential damages (including, but not limited # to, loss of use, data or profits, or business interruption) however # caused and on any theory of liability, whether in contract, strict # liability or tort (including negligence or otherwise) arising in any way # out of the use of this software, even if advised of the possibility of # such damage. # # Comments and/or additions are welcome (send e-mail to: # str...@nmr.mgh.harvard.edu). # """ I didn't find a specific license statement about stats.py in scipy's LICENSES.txt, After digging I did find a mention that stats.py was relicensed as MIT as part of statslib in 2007. https://code.google.com/archive/p/python-statlib/ So I think everything is fine, but I think there should be a better record of everything being fine. Diane -- System Information: Debian Release: bullseye/sid APT prefers testing-debug APT policy: (500, 'testing-debug'), (500, 'oldstable-debug'), (500, 'testing'), (500, 'stable'), (110, 'unstable'), (100, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.4.0-3-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash